APPLICATION NO.: 09/707,417
FILING DATE: 11/06/2000
FIRST NAMED INVENTOR: Vance C. Bjorn
ATTORNEY DOCKET NO.: 003022.P019X
CONFIRMATION NO.: 9958

7590 06/13/2007

Judith A. Szepesi
BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP
Seventh Floor
12400 Wilshire Boulevard
Los Angeles, CA 90025-1026

EXAMINER: MOORTHY, ARAVIND K
ART UNIT: 2131
PAPER NUMBER:
MAIL DATE: 06/13/2007
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Office Action Summary

Application No.: 09/707,417
Applicant(s): BJORN, VANCE C.
Examiner: Aravind K. Moorthy
Art Unit: 2131




-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --



Period for Reply 

DETAILED ACTION

1. This is in response to the appeal brief filed on 7 February 2007.

2. Claims 1-31 are pending in the application. 

3. Claims 1-31 have been rejected. 

Response to Arguments 

4. In view of the appeal brief filed on 7 February 2007, PROSECUTION IS HEREBY
REOPENED. The rejection is set forth below.

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an 
appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee
can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have 
been increased since they were previously paid, then appellant must pay the difference between 
the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

5. Claims 1-13 and 17-31 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply
with the enablement requirement. The claim(s) contains subject matter which was not described
in the specification in such a way as to enable one skilled in the art to which it pertains, or with
which it is most nearly connected, to make and/or use the invention.

Independent claims 1 and 17 are directed towards a method of authenticating a client.
The claim recites "receiving a record ID for a user, the record ID being a random number
generated for tracking authentication data and disassociating the authentication data from other
client data". Claim 1 further recites "determining if the user's authentication data matches the
record ID".

Page 12 (lines 7-15) of the specification of the current application states, "The 
authentication server 220 further includes a biometric data comparison logic 485, which 
compares the biometric data received from the client 240 with the biometric data associated with 
the particular user. For one embodiment, the user is identified based on the record ID. For one 
embodiment, the biometric data comparison logic 485 compares two templates. For another 
embodiment, the biometric data comparison logic 485 further includes a feature extraction logic 
470, which generates a template from an image. For yet another embodiment, the template stored 
in the authentication server 220 may be directly compared with the image received from the
client 240". 

The applicant describes how a user is authenticated by the use of biometric data and on a 
record ID. However, the applicant does not describe the record ID being a random number. 
Also, the applicant does not describe determining if the user's authentication data matches a 
record ID (random number). The applicant has not shown how a biometric can be authenticated 
with a random value. One of ordinary skill in the art would not be able to determine how a 
biometric feature can be authenticated with a random number. 

6. Claims 1-31 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

7. Claims 1 and 14 recite the limitation "the user's private key" in the claim. There is 
insufficient antecedent basis for this limitation in the claim. 

8. Independent claims 1 and 17 recite "receiving a record ID for a user, the record ID being
a random number generated for tracking authentication data and disassociating the authentication
data from other client data". Claim 1 further recites, "determining if the user's authentication
data matches the record ID". However, as discussed above, it is unclear to the examiner how a
record ID being a random number can be authenticated with the user authentication data.

9. Claim 2 recites the limitation "the private key" in the claim. There is insufficient 
antecedent basis for this limitation in the claim. 

10. Claims 17, 19, 20 and 27 recite the limitation "the client" in the claim. There is 
insufficient antecedent basis for this limitation in the claim. 

11. Claim 19 recites the limitation "a nonce generation logic to generate a nonce, the nonce to be
included with the user authentication data from the client". However, it is unclear how the nonce 
gets to the client. It is unclear to the examiner where the nonce is being generated. 

12. Claims 23 and 27 recite the limitation "the server" in the claim. There is insufficient 
antecedent basis for this limitation in the claim. It is unclear to the examiner whether it's the 
authentication server or the third-party server. 

13. Claim 24 recites the limitation "the client's authentication data" in the claim. There is 
insufficient antecedent basis for this limitation in the claim. 

Any claims not directly addressed are rejected on the virtue of their dependency. 

Claim Objections 

14. Claims 14 and 17 are objected to because of the following informalities: grammatical errors. 

As to claim 14, in the second limitation, the claim recites "generating one-time key and 
encrypting the one-time key with a public key of the user, and sending the encrypted one-time 
key and the record ID to the user". The examiner asserts that the word "a" has been omitted 
from the limitation. The limitation should recite "generating a one-time key and encrypting the
one-time key with a public key of the user, and sending the encrypted one-time key and the
record ID to the user". Independent claim 17 recites in the preamble "A third-party
authentication system comprising". The preamble should recite, "A three-party authentication
system comprising".

Appropriate correction is required. 

Allowable Subject Matter

15. Claims 1-31 are allowed. 

As to independent claim 1, prior art does not disclose, suggest or fairly suggest receiving 
a record ID for a user, the record ID being a random number generated for tracking 
authentication data and disassociating the authentication data from other client identity data, and 
a one-time key generated by a third party server and encrypted with a user's public key by the 
server. Prior art does not disclose, suggest or fairly suggest determining if the user's 
authentication data matches the record ID. 

As to independent claim 14, prior art does not disclose, suggest or fairly suggest looking 
up a record ID associated with the user, the record ID being a random number generated to track 
the user's authentication data and used to separate the user's other identity information from the 
authentication data. Prior art does not disclose, suggest or fairly suggest generating a one-time 
key and encrypting the one-time key with a public key of the user, and sending the encrypted 
one-time key and the record ID to the user. Prior art does not disclose, suggest or fairly suggest 
receiving the authentication data, the authentication data being the decrypted one-time key 
decrypted with the user's private key by the authentication server, such that the user does not 
have control of the user's private key at any time. Prior art does not disclose, suggest or fairly 
suggest permitting access to the server. 

As to independent claim 17, prior art does not disclose, suggest or fairly suggest an 
authentication server to receive a record ID for a user, the record ID being a randomly generated 
number used to separate the user's other identity information from the user's authentication data, 
and a one-time key generated by a third party server and encrypted with a user's public key by 
the third party server. Prior art does not disclose, suggest or fairly suggest a comparison logic in
the authentication server to receive the user authentication data from the client and determine 
whether the user's authentication data matches the record ID. Prior art does not disclose, suggest 
or fairly suggest a decryption logic in the authentication server to decrypt the one-time key with 
a private key associated with the validated record ID, and to return the decrypted one-time key to 
the client, as discussed above. 

Any claims not directly addressed are allowed on their virtue of dependency. 

Conclusion

16. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Aravind K Moorthy 
June 7, 2007 